Privacy Policy

Last updated: 13 June 2026 · Applies to the Tactiq Club mobile app and the website at app.tactiqclub.com.

This Privacy Policy explains how Tactic Club (“we”, “us”), the provider of the Tactiq Club app, collects, uses, shares and protects personal data when you use our app and services (the “Service”). It is written to meet the UK GDPR and Data Protection Act 2018, the EU GDPR, and US privacy laws including the California Consumer Privacy Act as amended (CCPA/CPRA) and the Children’s Online Privacy Protection Act (COPPA).

1. Who we are (Data Controller)

The data controller responsible for your personal data is: Entity: Tactic Club Company number: [COMPANY NUMBER] Registered address: [REGISTERED ADDRESS, UK] Contact: tactiqclub@gmail.com We are established in the United Kingdom, so our lead supervisory authority is the UK Information Commissioner’s Office (ICO). We have not appointed a Data Protection Officer; for any privacy matter, contact us at the address above. EU representative. If you offer the Service to users located in the EU, UK-based providers generally must appoint an EU representative under GDPR Article 27. [If you serve EU users, name your EU representative here. If you are only serving the UK for now, you can delete this paragraph.]

2. The personal data we collect

We collect the following, depending on how you use the Service:

CategoryExamplesSource Account & profileName, email address, password (hashed), role (e.g. player, coach, guardian, club admin), profile details you addYou Guardian & minor linksThe relationship between a guardian account and a child’s account, the child’s name and limited profile data, consent recordsGuardian / club Payment dataSubscription status and transaction history. Card details are entered directly with Stripe and are not stored by usYou / Stripe Usage & device dataApp interactions, feature usage, device type, OS version, app version, approximate region, crash/diagnostic dataAutomatic (PostHog, Expo) CommunicationsEmails and in-app messages, support requestsYou

Adjust this table to your actual data. If you collect anything not listed (e.g. precise location, photos, health/fitness data, contacts), add it — and declare it identically in the store privacy labels.

3. How we use your data and our legal bases

Under the UK and EU GDPR we rely on these lawful bases:

PurposeLawful basis Creating and running your account; providing core app featuresPerformance of a contract Processing subscriptions and payments (via Stripe)Performance of a contract Linking guardians and minors; verifying guardian consentConsent (and, for under-13s, verifiable parental consent — see Section 6) Security, fraud prevention, keeping the Service reliableLegitimate interests Product analytics and improvementConsent where required, otherwise legitimate interests Sending service emails (e.g. password resets)Performance of a contract / legitimate interests Marketing emails, if anyConsent Meeting legal, tax and accounting obligationsLegal obligation

4. Who we share data with (subprocessors)

We use the trusted service providers below to operate the Service. They act as our processors and may only use the data to provide their service to us. We do not sell your personal data. ProviderPurposeData involved StripePayment processing & subscriptionsPayment and transaction data, billing identifiers ExpoApp build, delivery & push notificationsDevice tokens, diagnostic data ResendTransactional & service email deliveryEmail address, message content PostHogProduct analyticsUsage events, device/app data, pseudonymous identifiers RailwayApplication hosting & database infrastructureAll data stored by the Service We may also share data with professional advisers, or where required by law, regulators, or in connection with a business transfer. Each provider maintains its own privacy policy describing how it handles data.

5. International data transfers

Some of our providers process data outside the UK and EEA, including in the United States. Where data leaves the UK/EEA we rely on an appropriate safeguard, such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or a provider’s certification under the EU–US / UK–US Data Privacy Framework. You can request details of the safeguards we use at tactiqclub@gmail.com.

6. Children’s data

Tactiq Club is a general-audience service for sports clubs that is also used by children through guardian-linked accounts. It is a “mixed audience” service, not a service directed primarily at children. Because some users are minors, we take particular care with children’s data and apply protections based on a user’s age: Age screening. Where appropriate we ask users their age in a neutral way (without encouraging anyone to misstate it). We apply children’s protections to anyone who indicates they are below the relevant age, and we do not collect more personal data from a child than is reasonably necessary to use the Service. United Kingdom. Under UK GDPR Article 8, the age at which a child can consent to online services is 13. For children under 13, a person with parental responsibility provides and manages consent. We design the Service in line with the ICO’s Age Appropriate Design Code (Children’s Code): data minimisation, high-privacy defaults for children, and no use of children’s data in ways detrimental to them. European Union. The digital-consent age ranges from 13 to 16 depending on the member state; below that age, parental consent is required. United States (COPPA). For children under 13, we obtain verifiable parental consent before collecting personal information, give parents the right to review and delete their child’s data and to refuse further collection, and limit collection to what is reasonably necessary. We do not condition a child’s participation on disclosing more data than necessary, and we do not sell or share children’s data for cross-context behavioural advertising. A guardian can review, correct, or delete a linked child’s data at any time — see our account deletion page or contact tactiqclub@gmail.com.

Legal Advisory: Assess if your event is 'child-directed' via COPPA. You must use high-level verification for guardians, like credit card checks or ID. This is a high-risk area requiring specialized legal review.

Parents/Guardians may edit or wipe a child's record through settings or via direct support. Contact us at tactiqclub@gmail.com

7. How long we keep data

We keep personal data only as long as needed. Account and profile data is deleted from our active systems within 30 days of account deletion, and purged from our backups within 30 days. We do not store card or payment-card details — payment and transaction records are held by Stripe, which retains them as required for tax, accounting and fraud-prevention purposes under its own terms and applicable law.

8. Your rights

Depending on where you live, you have rights over your personal data. Under the UK/EU GDPR these include access, rectification, erasure, restriction, objection, portability, and withdrawing consent. Under the CCPA/CPRA, California residents have the right to know, delete, correct, opt out of sale/sharing, and not be discriminated against for exercising these rights. To exercise any right, email tactiqclub@gmail.com or use the in-app controls. To delete your account, see app.tactiqclub.com/delete-account. We will verify your identity before acting on a request and respond within the timeframe the law requires.

9. California (CCPA/CPRA) disclosures

In the past 12 months we have collected the categories of data described in Section 2 (identifiers, commercial information, internet/usage activity, and the relationship data needed for guardian links), for the purposes in Section 3, and shared it with the providers in Section 4. We do not sell personal information, and we do not knowingly sell or share the personal information of consumers under 16. If our analytics activity (e.g. PostHog) is ever configured in a way that amounts to “sharing” for cross-context behavioural advertising under the CPRA, we will provide a “Do Not Sell or Share My Personal Information” option. As currently configured, we use analytics only to operate and improve the Service.

10. Security

We use appropriate technical and organisational measures — including encryption in transit, access controls, and hashed passwords — to protect personal data. No system is perfectly secure, but we work to protect your information and will notify you and the ICO of a breach where the law requires.

11. Changes to this policy

We may update this policy from time to time. We will post the new version here with an updated date and, for significant changes, notify you in the app or by email.

12. How to contact us or complain

Questions or requests: tactiqclub@gmail.com. If you are in the UK and unhappy with how we handle your data, you can complain to the Information Commissioner’s Office (ICO) at ico.org.uk. If you are in the EU, you can complain to your local data protection authority. We’d appreciate the chance to address your concern first.